Arbor report: Hacktivist and gamer groups are major sources of DDoS attacks

data center securityA new report says that the number of DDoS web attacks involving gamers and hacktivists has greatly increased in the past decade or so. These attacks typically involve attacking websites with massive surges of data and knocking them offline.

The report, compiled byArbor Networks and cited by BBC News, examines 10 years of distributed denial of service (DDoS) web attacks and found that about half of all enterprises were hit with a DDoS attack last year, and most targets also suffered more stealthy DDoS attacks aimed at flying under the radar.

From November 2013 to October 2014 Arbor Networks, specializing in the study of DDoS-attacks, conducted a survey among 287 companies around the world. Ten years ago, the maximum speed of DDoS-attacks amounted to 8GB per second, this has now reached a whopping 400GB.

“The dramatic increase in overall DDoS attacks mitigated in Q4 2014 is an example of how attackers considered this attack type a primary vector in their arsenal,” the report says. “New attack types and increased sophistication are always becoming more apparent.”

DDoS attacks for data exfiltration and extortion

 

In 2004, the corporate world was on watch for self-propagating worms like Slammer and Blaster that devastated networks the year before; and, data breaches were most likely carried out by employees who had direct access to data files. Today, organizations have a much wider and more sophisticated range of threats to worry about, and a much broader attack surface to defend. The business impact of a successful attack or breach can be devastating–the stakes are much higher now.

Nearly 42 percent of ISP and enterprise respondents told Arbor Networks that they were hit by DDoS attacks which made use of a combination of different methods, including bandwidth-sapping, application-layer, and state exhaustion.

In the early days of DDoS, cybercrime gangs had used the technique to extort cash from websites run by  gambling firms that could not afford to be knocked offline.

As per the report, 37 percent of DDoS are disputes between crime gangs; while 36 percent attacks are rooted in competitive rivalry between businesses or gamers. Moreover, the report also added that nearly 34 percent DDoS attacks are from flash crowds or hacktivism; 28 percent attacks are for hiding data exfiltration or other compromises; 25 percent for financial market manipulation; and 24 percent DDoS attacks are for extortion purposes.

“There’s been a massive jump in the number of very large attacks going on out there,” said Darren Anstee, a senior analyst at Arbor. “In 2014 we saw more volumetric attacks, with attackers trying to knock people offline by saturating their access to the internet.”

Application-layer attacks were experienced by 90 percent of respondents in 2014. Ten years ago, 90 percent of respondents cited simple “brute force” flood attacks as the most common attack vector. DDoS attacks today are now components of complex, often long-standing advanced threat campaigns.

Over a third of data center operators reported DDoS attacks that saturated all the Internet bandwidth available. This emphasizes the criticality of the problem for operators of data centers where an outage means not only loss of revenue but also collateral damage extended to customers in the cloud that own their business critical infrastructure.

lizard-squad-ddos-bombMembers of the Lizard Squad made the news recently and are accused of having brought down Facebook, Microsoft, Sony and most recently, the Malaysia Airlines web site. Based on arrests around the UK for hacking activity, the signs are that Lizard Squad are a random group of gamers, showing off to each other.

The majority of recent attacks attributed to Lizard Squad have followed a particular modus operandi. The group has focused on DDoS attacks and Twitter hacks to create high profile incidents which achieve the greatest publicity.

“Hactivists, hacker groups such as Lizard Squad and gamers who wanted revenge on other players were the biggest users of Distributed Denial of Service (DDos) tactics,” Anstee says.

DDoS attacks are not going away and we can expect them to get smarter in 2015. Even organizations with significant amounts of Internet connectivity can now see that capacity exhausted relatively easily by the attacks that are going on out there.

Photo via Pixabay